From b503b6f9ba25d44d3024813887675bf911057079 Mon Sep 17 00:00:00 2001
From: mumesan <mithunkrishnanu@gmail.com>
Date: Fri, 3 Jan 2025 11:51:08 +0000
Subject: [PATCH] Fix httpd config for X-Forwarded-Proto

---
 templates/ironicapi/config/ironic-api-httpd.conf |  2 ++
 templates/ironicinspector/config/httpd.conf      | 10 ++++++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/templates/ironicapi/config/ironic-api-httpd.conf b/templates/ironicapi/config/ironic-api-httpd.conf
index 6ce26b76..64dc5129 100644
--- a/templates/ironicapi/config/ironic-api-httpd.conf
+++ b/templates/ironicapi/config/ironic-api-httpd.conf
@@ -46,6 +46,8 @@ CustomLog /dev/stdout proxy env=forwarded
   SSLEngine on
   SSLCertificateFile      "{{ $vhost.SSLCertificateFile }}"
   SSLCertificateKeyFile   "{{ $vhost.SSLCertificateKeyFile }}"
+{{- else }}
+  SetEnvIf X-Forwarded-Proto http HTTPS=0
 {{- end }}
 
   ## WSGI configuration
diff --git a/templates/ironicinspector/config/httpd.conf b/templates/ironicinspector/config/httpd.conf
index 5b98949e..d6ae4e37 100644
--- a/templates/ironicinspector/config/httpd.conf
+++ b/templates/ironicinspector/config/httpd.conf
@@ -30,8 +30,12 @@ CustomLog /dev/stdout proxy env=forwarded
   ServerName {{ $vhost.ServerName }}
 
   ## Request header rules
-  ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader
-  RequestHeader set X-Forwarded-Proto "https"
+  ## as per http://httpd.apache.org/docs/2.4/mod/mod_headers.html#requestheader
+  {{- if $vhost.TLS }}
+    RequestHeader setIfEmpty X-Forwarded-Proto "https"
+  {{- else }}
+    RequestHeader setIfEmpty X-Forwarded-Proto "http"
+  {{- end }}
 
   ## Proxy rules
   ProxyRequests Off
@@ -46,6 +50,8 @@ CustomLog /dev/stdout proxy env=forwarded
   SSLEngine on
   SSLCertificateFile      "{{ $vhost.SSLCertificateFile }}"
   SSLCertificateKeyFile   "{{ $vhost.SSLCertificateKeyFile }}"
+{{- else }}
+  SetEnvIf X-Forwarded-Proto http HTTPS=0
 {{- end }}
 </VirtualHost>
 {{ end }}